Twitter flooded with malicious tweets from compromised accounts

Over the last 24 hours or so, Twitter has been flooded with spam tweets from compromised accounts, which appear to be coming from third-party apps and services.

It has been observed that social media spam has been replacing email spam in recent times, and Twitter has now apparently been hit yet again by a sizeable wave of such spam tweets. According to Ars Technica, the tweets initially seemed to be coming from accounts linked to the social image sharing site weheartit.com. Later on, however, the same tweets started appearing with the source “Twitter for iPhone”, which isn’t necessarily a reliable indicator, as the source can be easily spoofed.

Weheartit.com’s president responded to Ars in an email saying, “We are definitely seeing some malicious activity which we have now blocked and are investigating further. Unfortunately I don’t have any other information I can share at this point.” The company has since disabled Twitter logins and sharing to prevent further spam.

All the tweets observed by Twitter users contain the same message: “If I didn’t try this my life wouldn’t have changed” and a shortened URL. It is yet to be determined whether the spam URL links to spyware, but users are advised not to click on these links nonetheless. Users whose accounts have been compromised should revoke access to the third-party services linked to their accounts and change their passwords to prevent further spam.